CN108352991B - Information processing apparatus and unauthorized message detection method - Google Patents

Information processing apparatus and unauthorized message detection method Download PDF

Info

Publication number
CN108352991B
CN108352991B CN201680063971.8A CN201680063971A CN108352991B CN 108352991 B CN108352991 B CN 108352991B CN 201680063971 A CN201680063971 A CN 201680063971A CN 108352991 B CN108352991 B CN 108352991B
Authority
CN
China
Prior art keywords
information
processing apparatus
information processing
message
freshness
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680063971.8A
Other languages
Chinese (zh)
Other versions
CN108352991A (en
Inventor
森田伸义
萱岛信
井手口恒太
大和田彻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Astemo Ltd
Original Assignee
Hitachi Automotive Systems Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Automotive Systems Ltd filed Critical Hitachi Automotive Systems Ltd
Publication of CN108352991A publication Critical patent/CN108352991A/en
Application granted granted Critical
Publication of CN108352991B publication Critical patent/CN108352991B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

An information processing apparatus that receives a communication message generated based on update information and control data from another information processing apparatus includes: a freshness information generation unit that generates freshness information; and a freshness information management unit that extracts the freshness information from the received communication message.

Description

Information processing apparatus and unauthorized message detection method
Technical Field
The invention relates to an information processing apparatus and an unauthorized message detection method.
Background
As a representative standard protocol in an on-vehicle Network of an automobile, CAN (Controller Area Network) is spreading. In such an in-vehicle network, it is assumed that an unauthorized device is connected to an interface such as an On-Board-Diagnostics (OBD) 2(On-Board-Diagnostics 2) port directly connected to the in-vehicle network, and a replay attack is performed from the unauthorized device. Here, the replay attack is an attack in which a message flowing through a communication path is intercepted and acquired in advance, and the acquired message is retransmitted, thereby causing an unauthorized operation. Further, a case is also assumed where an information processing device that cooperates with a system outside the vehicle is infected with malware.
In general, it is effective for these threats to perform Message Authentication using a MAC (Message Authentication Code) as a tamper detection symbol for a Message flowing between the information processing apparatuses. For example, a communication system of a message in which a MAC is embedded in an in-vehicle network is disclosed in JP 2013-098719 (patent document 1). In the communication system described in patent document 1, each information processing apparatus counts the number of times a message is transmitted for each message ID. The information processing apparatus on the transmitting side generates a MAC from the data, the number of transmissions, and the message ID. The information processing apparatus on the receiving side calculates a MAC based on the data in the received message, the number of transmissions, and the message ID, and compares the MAC with a MAC received separately. When the calculated MAC is different from the received MAC, the information processing apparatus on the receiving side does not accept the ID message thereafter, thereby coping with replay attack and infection by malware.
Prior art documents
Patent document
Patent document 1: japanese patent application laid-open No. 2013-098719
Disclosure of Invention
Problems to be solved by the invention
However, in the communication system described in patent document 1, since two messages, i.e., a message including MAC and a message including control data, are transmitted, there is a problem that the number of messages increases.
Means for solving the problems
According to a first aspect of the present invention, an information processing apparatus that receives a communication message generated based on update information and control data from another information processing apparatus includes: a freshness information generation unit that generates freshness information; and a freshness information management unit that extracts the freshness information from the received communication message.
According to a second aspect of the present invention, a dishonest message detection method is a method of detecting, in another information processing apparatus, whether a communication message generated by one information processing apparatus based on freshness information and control data is a dishonest message, in which a processor of the one information processing apparatus generates freshness information and a processor of the other information processing apparatus extracts the freshness information from the communication message.
Effects of the invention
According to the present invention, it is possible to verify a communication message without increasing the number of messages.
Drawings
Fig. 1 is a block diagram showing a configuration example of a control unit.
Fig. 2 is a flowchart showing an example of processing in the control unit.
Fig. 3 is a flowchart showing an example of the process of generating the update information in the information processing apparatus.
Fig. 4 is a flowchart showing an example of processing at the time of communication message transmission in the information processing apparatus.
Fig. 5 is a diagram showing an example of a data structure of a communication message.
Fig. 6 is a flowchart showing an example of processing at the time of communication message reception in the information processing apparatus.
Fig. 7 is a flowchart showing an example of the unauthorized message determination process in the information processing apparatus.
Fig. 8 is a diagram showing an example of a table structure of the verification rule information.
Detailed Description
(embodiment 1)
The information processing device 20 of the present embodiment is an in-vehicle information processing device 20. The information processing apparatus 20 decodes the encrypted message encrypted with the latest information shared by only the information processing apparatuses 20 according to a predetermined authentication rule. Here, the freshness information is information related to the freshness of the communication message, and is, for example, a sequence number string, a count value, time information, and the like. The information processing apparatus 20 verifies whether or not the decoded message is restored to a predetermined data structure, thereby determining whether or not the received message is an unauthorized message. However, the technical idea of the present invention is not limited to this example. The encryption key and the seed used in each information processing device 20 may be distributed, managed, and updated safely, and may be distributed and updated at any timing such as when the engine is started or stopped, when the product is developed, and when the product is maintained.
Fig. 1 is a block diagram showing a configuration example of the control unit 10. The control unit 10 includes a plurality of information processing devices 20A and 20B. The information processing devices 20A and 20B are connected to each other via the CAN bus 15. Hereinafter, the description will be given with reference to the symbol 20 on behalf of the information processing apparatuses 20A and 20B. The information processing device 20 includes a control unit 1 and a communication I/O2 connected to each other by a bus 3. The present invention can also be applied to a control unit 10 including three or more information processing devices 20.
The control unit 1 is configured to include a processor such as a CPU or an FPGA, a ROM or a RAM as a storage device, and an arithmetic processing device having other peripheral circuits and the like. The processor executes the program stored in the storage device, thereby controlling each hardware in the device. Each program may be stored in a storage device in the information processing apparatus in advance, or may be provided with an input/output interface in the information processing apparatus 20, and may be introduced from another apparatus to the storage device via the input/output interface and a medium usable by the information processing apparatus 20, if necessary. Here, the medium refers to, for example, a storage medium or a communication medium (that is, a network such as a wired, wireless, or optical network, or a carrier wave or a digital signal propagating through the network) that is attachable to and detachable from the input/output interface.
The control unit 1 functionally includes: a freshness information generating unit 101 for generating freshness information shared by the information processing apparatuses 20; a freshness information management unit 102 for updating the freshness information in accordance with the number of messages flowing between the information processing apparatuses or the type of the messages; a key management unit 103 that manages key data for encryption/decryption processing and generating the latest information; a communication message control unit 104 that generates a message at the time of transmission; an encryption processing unit 105 that encrypts a message; a cipher related information storage unit 106 for storing information related to a cipher utilization technique, such as an initial value, key data, and update information at the time of encryption/decryption processing; and a communication information storage unit 107 for storing information necessary for message transmission/reception processing, such as a counter value of a message flowing through the communication path.
The control unit 1 also functionally includes: a message analysis unit 108 for analyzing the data structure of the received message; a decoding processing unit 109 for decoding the message based on the data structure decomposed by the message analysis unit 108; a verification rule information storage unit 110 in which a predetermined rule is defined; a dishonest message verification unit 111 that verifies the completeness of a message decoded based on the rule acquired from the verification rule information storage unit 110; and a synchronization processing unit 112 for synchronizing the latest information among the information processing apparatuses.
The communication I/O2 receives a transmission message from another information processing apparatus 20 via a communication path and performs some physical action. Further, the communication I/O2 transmits some messages to other information processing apparatuses 20 via a communication path. The communication path is, for example, a CAN bus 15.
Fig. 2 is a flowchart showing an example of processing in the control unit 10. Here, the information processing device 20A will be described as the transmission information processing device 21, and the information processing device 20B will be described as the reception information processing device 22. Therefore, the flowchart shows an unauthorized message detection processing sequence between the transmission information processing apparatus 21 and the reception information processing apparatus 22. The transmission information processing device 21 and the reception information processing device 22 are devices exemplified as an information processing device that transmits a message and an information processing device that receives a message from the plurality of information processing devices 20.
In step 211, the communication message control unit 104 acquires the control data transmitted by the transmission information processing device 21. In step 212, the freshness information management unit 102 acquires the freshness information generated by the freshness information generation unit 101 from the password-related information storage unit 106, and adds the freshness information to the control data acquired in step 211 based on a predetermined rule. In step 213, the encryption processing unit 105 acquires the encryption key from the key management unit 103, and encrypts the control data to which the update information is given in step 212.
In step 214, the communication message control unit 104 adds header information such as CAN-ID and trailer information to the control data encrypted in step 213, and generates a communication message. At step 215, communication message control unit 104 transmits the communication message generated at step 214 to receiving information processing apparatus 22.
In step 221, the communication message control unit 104 performs CRC verification defined by the CAN communication protocol, and when an error is detected in the CRC verification, discards the received communication message and performs a predetermined error process. In step 222, the decoding processing section 109 acquires the key used in the decoding processing from the key management section 103, and decodes the message determined to have no error in the CRC verification in step 221.
In step 223, the latest information management unit 102 performs processing based on a predetermined verification rule associated with an ID assigned for each type of communication message on the message decoded in step 222. In step 224, the unauthorized message authentication unit 111 acquires, from the authentication rule information storage unit 110, the authentication rule determined in association with the ID assigned to each type of communication message, for the message obtained in the process of step 223. The unauthorized message authentication unit 111 performs a determination process in compliance with the authentication rule, and performs a predetermined error process without deviating from the authentication rule. In step 225, when the communication message control unit 104 determines that the verification rule is complied with in step 224, it executes a normal control process.
Through the above steps, the transmission information processing device 21 can transmit a message to the reception information processing device 22, and the reception information processing device 22 can determine whether or not the received message is an unauthorized message.
Fig. 3 is a flowchart showing an example of the process of generating the update information in the information processing device 20. Fig. 3 shows a schematic processing flow in which a pseudo random number generator is used to generate a serial number as an example of the freshness information generated by the information processing device 20 at the time of engine start, immediately before communication between information processing devices, or at an intermittent time of communication between information processing devices.
In step 301, the latest information management unit 102 acquires a seed of the pseudo random number generator, auxiliary information for generating the pseudo random number, or an internal state of the pseudo random number generator. These are incidental information necessary for generating the serial number from the encryption related information storage unit 106 using information indicating a reference destination of incidental information necessary for generating the serial number. Here, the auxiliary information for generating the pseudo random number is, for example, an Initial Value (IV) which is one of inputs of the pseudo random number generator. The internal state of the pseudo random number generator is information necessary for generating a random number next to and subsequent to the outputted random number.
In step 302, the latest information generation unit 101 generates a pseudo-random number sequence using the seed, the auxiliary information, or the internal state acquired in step 301. In step 303, the latest information generation unit 101 generates a sequence number string from the pseudo random number sequence generated in step 302 by a predetermined method. In step 304, the freshness information management unit 102 stores the sequence number string generated in step 303 in the password-related information storage unit 106 as the freshness information. In addition, the latest information may be stored in the memory or in the 2-time storage device.
In step 305, the latest information management unit 102 updates the information for determining whether or not the generation of the serial number is necessary, and ends. Here, the information for determining whether or not the sequence number needs to be generated is, for example, information corresponding to the number of pseudo random number sequences generated for use in the sequence number and the start address of an unused pseudo random number. For example, when the data size of the sequence number is b bits and a pseudo random number of b × m bits is generated, the number of pseudo random number sequences is m. When a b-bit pseudo random number is acquired when a sequence number is acquired as the latest information, the number of pseudo random number sequences is updated from m to m-1, and the start address is updated to the start address of the next b-bit pseudo random number.
In the pseudo random number generation processing in step 302, each information processing apparatus 20 may share a predetermined number in advance, and update the seed every time the byte length of the pseudo random number sequence generated from one seed reaches a predetermined number. The seed may be updated, for example, by generating a seed when the byte length of a pseudo random number sequence generated from one seed reaches a predetermined number in a certain information processing apparatus, encrypting the seed for updating as a plaintext, and transmitting the encrypted seed to another information processing apparatus 20. By performing the updating of the seed, etc., the following effects are obtained: it becomes more difficult for a third party who does not have knowledge of the seed to predict the sequence number.
Through the above steps, the information processing apparatus 20 can generate the latest information shared among the information processing apparatuses.
Fig. 4 is a flowchart showing an example of processing at the time of communication message transmission in the information processing apparatus 21. Fig. 4 shows a schematic flow of processing performed when the transmission information processing apparatus 21 generates a message for discriminating an unauthorized message and transmits the message, in steps 211 to 215 in fig. 2. The processing from step 301 to step 305 shown in fig. 3 may be performed before the process flow of fig. 4 is started. At this time, the latest information management unit 102 refers to the information for determining whether or not the generation of the sequence number stored in the encryption related information storage unit 106 is necessary, and when the generation of the sequence number is necessary, performs the generation processing of the sequence number string using the incidental information necessary for the generation of the sequence number stored in the encryption related information storage unit 106, and when the generation of the sequence number is unnecessary, skips the present processing.
In step 41, the communication message control unit 104 acquires control parameter information used for controlling the traveling of the vehicle, for example, from a sensor device or the like provided in the transmission information processing device 21. In step 42, the communication message control unit 104 checks the CAN-ID determined for each type of the control data acquired in step 41, and determines the process type.
Fig. 8 is a diagram showing an example of the table structure of the verification rule information 81. That is, the table structure shown in fig. 8 is an example of the verification rule information 81 stored in the verification rule information storage unit 110 referred to in step 42. The CAN-ID811 represents ID information of a message, which is information for identifying control data given to the message. In fig. 8, CAN-ID811 is used as an example of information for identifying control data added to a message, but information other than CAN-ID may be used as long as it is information capable of identifying control data added to a message.
The processing type 812 shows a processing method of giving the freshness information for the message using the value of the CAN-ID 811. If the processing type is "insert", this indicates that the update information is inserted into a blank area of the data field, that is, that the update information is added to the control data. In the case where the processing type is "XOR", it means that exclusive or (XOR) processing of the control data and the update information is performed. For example, as a position to insert the latest information, the verification target bit 814 described later may be used, or a predetermined number of bits may be inserted. In this way, the update information is given to the control data within a predetermined data length range.
The rule category 813 indicates information for identifying a verification method for a message using the value of the CAN-ID811 in the determination processing of an improper message in step 224. The verification object bit 814 indicates a bit value to be a verification object in verification for a message using the value of CAN-ID 811.
In step 43, the communication message control unit 104 proceeds to step 44 when the process type 812 corresponding to the CAN-ID811 acquired in step 42 is "XOR", and proceeds to step 45 when the process type 812 is "insert". In step 44, the freshness information management unit 102 acquires the freshness information generated in step 303 from the password-related information storage unit 106, and performs exclusive or processing with the control data acquired in step 41. In step 45, the latest information management unit 102 acquires the latest information generated in step 303 from the password-related information storage unit 106, and adds the latest information to the blank area of the data field.
In step 46, the encryption processing unit 105 acquires the encryption key from the key management unit 103, and encrypts the control data to which the update information is given in step 44 or step 45. In step 47, the communication message control unit 104 adds header information such as CAN-ID and trailer information to the control data encrypted in step 46, and generates a communication message.
Fig. 5 is a diagram showing an example of a data structure of a communication message. The communication message contains header information 511, data field 512, and trailer information 515. The header information 511 includes information such as CAN-ID. The data field 512 is a payload length and is provided with control data. The trailer information 515 includes information determined by a protocol such as CRC (Cyclic Redundancy Check).
The data field 512 is "control data XOR update information 517" when the exclusive or between the control data and the update information is calculated in step 44, and is "Enc (control data XOR update information) 518" when encrypted in step 46. The data field 512 is a combination of the control data 513 and the update information 514 when the update information is given to the control data in step 45, and is "Enc (control data, update information) 516" when encrypted in step 46. At step 48, the communication message control unit 104 transmits the communication message generated at step 47 via the communication I/O2.
Through the above steps, the transmission information processing apparatus 21 can generate a message for discriminating an unauthorized message and transmit the message to the reception information processing apparatus 22. In the above step, only unspecified information such as pseudo random numbers may be used as the latest information for the purpose of reducing the processing, and step 46 may be omitted.
Fig. 6 is a flowchart showing an example of processing at the time of communication message reception in the information processing apparatus 20. Fig. 6 shows a schematic processing flow of steps 221 to 225 in fig. 2, in which, when the control unit 1 of the reception information processing apparatus 22 receives the message having the data structure shown in fig. 5, the message analysis unit 108 is used to analyze the data structure of the received message and determine whether or not the received message is an unauthorized message.
In step 601, the communication message control unit 104 receives a message transmitted from another information processing apparatus via the communication I/O2. In step 602, the communication message control unit 104 verifies, using the message analysis unit 108, whether or not the value of the CRC calculated from the given verification target matches the value of the CRC given to the tail information 515. In step 603, if the CRC verified in step 602 has no error, the process proceeds to step 604, and if there is an error, the process is terminated, and a predetermined error process defined by the CAN is executed. In step 604, the decoding processing unit 109 acquires the decoding key from the key management unit 103, and decodes the message determined in step 603 as having no CRC error.
In step 605, the communication message control unit 104 acquires the CAN-ID included in the header information 511 of the received message by using the message analysis unit 108, and acquires the process type 812 of the CAN-ID with reference to the verification rule information storage unit 110. In step 606, the communication message control unit 104 proceeds to step 607 when the process type 812 acquired in step 605 is "XOR", and proceeds to step 608 when the process type 812 is "insert". At step 607, the latest information management unit 102 acquires the data field 512 using the message analysis unit 108, acquires the latest information shared by the information processing apparatuses 20 from the communication information storage unit 107, and performs exclusive or processing between the data field 512 and the latest information.
In step 608, the unauthorized message authentication unit 111 performs an unauthorized message determination process for determining an unauthorized received message based on the data field 512 extracted from the received message in step 601 or the output data of the exclusive or process of the data field 512 and the latest information in step 607. The details of the unauthorized message determination processing will be described later with reference to the flowchart of fig. 7. In step 609, the unauthorized message authentication unit 111 proceeds to step 612 if it determines that the message is an unauthorized message in step 608, and proceeds to step 610 if it determines that the message is not an unauthorized message.
In step 610, the communication message control unit 104 verifies whether or not the timing is a timing for performing the synchronization process using the synchronization processing unit 112. For example, a threshold value is set in advance so that synchronization processing is performed for each CAN-ID according to the number of communication messages, the number of counters updated each time a communication message is received is compared with the threshold value, and when the number of counters matches the threshold value, it is determined that the timing of synchronization processing is performed. Of course, time information and the like may be used instead of the number of communications. In step 611, the communication message control unit 104 proceeds to step 612 if it is determined by the synchronization processing unit 112 that the timing is the synchronization processing timing, and proceeds to step 614 if it is determined that the timing is not the synchronization processing timing.
In step 612, the communication message control unit 104 generates a message for synchronization using the synchronization processing unit 112. For example, a message including the CAN-ID for synchronization and the latest information is generated. Further, a symbol such as MAC may be given to prove the completeness of the latest information. In step 613, the communication message control unit 104 transmits the synchronization message generated in step 612 via the communication I/O2. At step 614, the communication message control unit 104 executes a predetermined control process based on the received message determined not to be unauthorized at step 609.
The transmission information processing apparatus 21 receives the synchronization message output in step 613 via the communication I/O2. The transmission information processing device 21 determines whether or not the update information given by the reception information processing device 22 included in the synchronization message matches the update information held by the transmission information processing device 21. When the update information does not match, the transmission information processing device 21 updates the update information by the update information management unit 102 of the transmission information processing device 21, for example, based on the update information included in the synchronization message. The transmission information processing device 21 can synchronize the update information among the information processing devices by setting the update information used by the transmission information processing device 21 to be the same as the update information included in the synchronization message.
Through the above steps, when receiving a message having the data structure shown in fig. 5 from another information processing apparatus, the control unit 1 in the reception information processing apparatus 22 can analyze the data structure of the received message using the message analysis unit 108 and determine whether or not the received message is an unauthorized message.
Fig. 7 is a flowchart showing an example of the unauthorized message determination process in the information processing apparatus 20. Fig. 7 shows a schematic processing flow of the unauthorized message determination processing executed in step 608 of fig. 6.
In step 71, the unauthorized message authentication unit 111 acquires the rule type 813 corresponding to the CAN-ID of the received message from the authentication rule information storage unit 110. In step 72, the unauthorized message authentication unit 111 acquires the authentication target bit 814 corresponding to the CAN-ID of the received message from the authentication rule information storage unit 110. In step 73, the unauthorized message authentication unit 111 authenticates whether or not the message is an unauthorized message based on the rule type and the authentication target bit acquired in steps 71 and 72.
For example, if the rule type is "Counter", it is verified whether or not the latest information inserted into the verification target bit 814 matches the latest information held by the reception information processing apparatus. If the rule type is "fixed", it is verified whether or not the value of the bit described in the verification target bit 814 has changed from a predetermined value. If the rule type is "range", it is verified whether or not the value of the bit described in the verification target bit 814 is within a range from a predetermined minimum value to a predetermined maximum value. If the rule type is "checksum", it is verified whether or not the value of the bit described in the verification target bit 814 matches the value of the checksum calculated by the given checksum calculation method. As such a rule type, a plurality of rules may be applied to one CAN-ID.
In step 74, the unauthorized message authentication unit 111 proceeds to step 76 if it is determined in step 73 that the authentication rule is deviated, and proceeds to step 75 if it is determined that the authentication rule is not deviated. In step 75, the unauthorized message verifying unit 111 sets the verification rule deviation flag to "invalid (OFF)", and proceeds to step 610 based on the flag in step 609. In step 76, the unauthorized message authentication unit 111 sets the authentication rule deviation flag to "valid (ON)" and proceeds to step 612 based ON the flag in step 609.
Through the above steps, the reception information processing apparatus 22 can determine whether or not the received message is an unauthorized message.
According to the above embodiment, the following operational effects can be obtained.
(1) The information processing apparatus 20 receives a communication message generated based on the freshness information and the control data from the other information processing apparatus. The information processing device 20 includes: a freshness information generating unit 101 for generating freshness information; and a recency information management unit 102 that extracts recency information from the received communication message. In the present embodiment, a communication message generated based on the recency information and the control data is received, and the recency information is extracted from the received communication message. Therefore, the communication message can be verified without increasing the number of messages.
(2) The update information is updated according to the synchronization communication message. Therefore, even if a replay attack is performed in which a message is intercepted, acquired in advance, and retransmitted, the retransmitted message can be detected as an unauthorized message. That is, the retransmitted communication message used for the replay attack contains the latest information at a time point earlier than the time point at which the information processing apparatus on the reception side decodes the communication message. Thus, replay attacks can be protected.
(3) The freshness information management unit 102 updates the freshness information based on the communication message, and synchronizes the freshness information updated by the freshness information management unit 102 with the freshness information updated by another information processing apparatus based on the communication message for synchronization including the freshness information. In this way, the information processing apparatus on the receiving side that receives the communication message generated based on the freshness information and the control data can synchronize with the freshness information of the information processing apparatus on the transmitting side. That is, the update information updated by each information processing device 20 can be made the same.
(4) The communication message is generated by giving the control data the latest information within a predetermined data length range. Thus, an unauthorized message can be detected without increasing the number of messages. Since the number of messages is not increased, an increase in communication load due to an increase in the number of messages can be avoided. In addition, since the data field of the control data is provided with the update information by insertion or exclusive or, it is possible to verify an unauthorized message without changing the communication protocol.
(5) The information processing device 20 further includes: an authentication rule information storage unit 110 for storing an authentication rule corresponding to the type of control data; and an unauthorized message verification unit 111 that verifies whether the control data is correct or incorrect based on the verification rule. In the present embodiment, the verification rule corresponding to the CAN-ID assigned for each type of control data is stored, and the detection of the unauthorized message is performed based on the verification rule. In this way, the verification rule can be changed according to the type of control data. Since the authentication rule is not transmitted over the network, it is possible to prevent the authentication rule from being acquired improperly.
(6) The verification rule information storage unit 110 stores the type of control data in association with the data verification area, and the unauthorized message verification unit 111 verifies whether or not the control data is correct based on the data in the data verification area. In this way, the data verification area can be changed according to the type of control data. Since the data verification area is not transmitted over the network, it is possible to prevent the data verification area from being improperly acquired.
(7) The unauthorized message verification unit 111 verifies whether or not the control data is correct based on at least one of verification using the minimum value and the maximum value of the control data, verification using a predetermined area of the control data, and verification using a checksum of the control data as a verification rule. In this way, the data verification method can be changed according to the type of control data.
(8) The information processing device 20 further includes a synchronization processing unit 112, and when the illicit message verification unit 111 determines that the control data is not legitimate data, the synchronization processing unit 112 generates a communication message for synchronization including the latest information updated by the latest information management unit 102 and transmits the communication message to another information processing device. Thus, when an unauthorized message is received, the latest information can be synchronized between the information processing apparatuses.
(9) Regardless of the result of the verification performed by the unauthorized message verifying section 111, the synchronization processing section 112 generates a communication message for synchronization at a predetermined cycle and transmits the communication message to another information processing apparatus. Thus, the synchronization of the latest information between the information processing apparatuses can be performed at a predetermined cycle.
(10) The freshness information management unit 102 calculates an exclusive or of the received communication message and the freshness information, and extracts the freshness information from the received communication message. Thus, the control data can be provided with the latest information without increasing the number of messages.
The following modifications are also within the scope of the present invention, and one or more of the modifications may be combined with the above-described embodiments.
(modification 1)
In the above-described embodiment and modification, CAN was described as an example of the communication standard, but the present invention is not limited to this, and CAN be applied to CAN-FD and Ethernet (registered trademark), for example. The data length of the CAN-FD is variable from 8 bytes to 64 bytes with respect to the fixed length of the CAN data length of 8 bytes, and the data length is determined for each CAN-ID. Therefore, when the data field of the CAN-ID does not use all 64 bytes, a method of embedding the latest information in the blank area in the data field CAN be added. In the case of Ethernet, the rule to be applied may be selected using a transmission source address or the like instead of the CAN-ID.
(modification 2)
In the above-described embodiment and modification, the in-vehicle network is used as the target of the description, but the present information processing apparatus is not limited to this, and can be applied to apparatuses in a control system and an information system.
The above description has been made of various embodiments and modifications, but the present invention is not limited to these. Other embodiments that come within the scope of the technical idea of the present invention are also included in the scope of the present invention.
For example, the present invention can be applied to various information processing apparatuses that receive a communication message generated based on the update information and the control data from another information processing apparatus, and such various information processing apparatuses include: a newest information generating unit for generating newest information; and a freshness information management unit that extracts the freshness information from the received communication message.
Further, the present invention can be applied to a method of detecting whether or not a communication message generated by one information processing apparatus based on the freshness information and the control data is an improper message in another information processing apparatus, which is a improper message detection method in which a processor of one information processing apparatus generates the freshness information and a processor of another information processing apparatus extracts the freshness information from the communication message.
The disclosures of the following priority base applications are hereby incorporated by reference.
Japanese patent application No. 218336, year 2015 (application 11/6, year 2015).
Description of the symbols
1 a control unit;
2 communication I/O;
3, a bus;
20 an information processing device;
101 a latest information generation unit;
102 an update information management unit;
110 an authentication rule information storage unit;
111 an unauthorized message authentication unit;
112 synchronization processing section.

Claims (10)

1. An information processing apparatus that receives a communication message generated based on control data and freshness information that is information relating to freshness of the communication message from another information processing apparatus, the information processing apparatus comprising:
a freshness information generation unit that generates the freshness information; and
a freshness information management section that extracts the freshness information from the received communication message,
the updatability information management unit updates the updatability information based on the communication message, and synchronizes the updatability information updated by the updatability information management unit with the updatability information updated by the other information processing apparatus based on a communication message for synchronization including the updatability information,
the freshness information management unit acquires a seed of a pseudo random number generator, auxiliary information for generating a pseudo random number, or an internal state of the pseudo random number generator, generates a pseudo random number sequence using the acquired seed, auxiliary information, or internal state, generates a sequence number string from the generated pseudo random number sequence, and sets the sequence number string as freshness information.
2. The information processing apparatus according to claim 1,
the communication message is generated by giving the control data the freshness information within a predetermined data length range.
3. The information processing apparatus according to claim 1 or 2,
the information processing apparatus further includes:
an authentication rule information storage unit that stores an authentication rule corresponding to a type of the control data; and
and an unauthorized message verification unit configured to verify whether the control data is correct or incorrect based on the verification rule.
4. The information processing apparatus according to claim 3,
in the verification rule information storage part, the kind of the control data and the data verification area are stored in association with each other,
the unauthorized message verification unit verifies whether or not the control data is correct based on the data in the data verification area.
5. The information processing apparatus according to claim 3,
the unauthorized message verification unit verifies whether or not the control data is correct based on at least one of a verification method using a minimum value and a maximum value of the control data, a verification method using a predetermined area of the control data, and a verification method using a checksum of the control data, as the verification rule.
6. The information processing apparatus according to claim 3,
the information processing apparatus further includes a synchronization processing unit that generates a communication message for synchronization including the latest information updated by the latest information management unit and transmits the communication message to the other information processing apparatus, when the unauthorized message verification unit determines that the control data is not valid data.
7. The information processing apparatus according to claim 3,
the information processing apparatus further includes a synchronization processing unit that generates a communication message for synchronization including the update information updated by the update information management unit and transmits the communication message to the other information processing apparatus,
the synchronization processing unit generates the communication message for synchronization at a predetermined cycle and transmits the communication message to the other information processing apparatus, regardless of the result of the verification performed by the unauthorized message verifying unit.
8. The information processing apparatus according to claim 1 or 2,
the freshness information management unit calculates an exclusive or of the received communication message and the freshness information, and extracts the freshness information from the received communication message.
9. A method for detecting an unauthorized message, in which one information processing apparatus generates a communication message based on latest information, which is information on the degree of freshness of the communication message, and control data, and another information processing apparatus detects whether or not the communication message is an unauthorized message,
the processor of the one information processing apparatus generates the freshness information,
the processor of the other information processing apparatus extracts the freshness information from the communication message,
the processor of the other information processing apparatus updates the freshness information in synchronization with the freshness information updated by the one information processing apparatus based on a communication message for synchronization containing the freshness information,
the processor of the other information processing apparatus acquires a seed of a pseudo random number generator, auxiliary information for generating a pseudo random number, or an internal state of the pseudo random number generator, generates a pseudo random number sequence using the acquired seed, auxiliary information, or internal state, generates a sequence number string from the generated pseudo random number sequence, and sets the sequence number string as latest information.
10. The illicit message detection method according to claim 9, wherein,
the communication message is generated by giving the control data the freshness information within a predetermined data length range.
CN201680063971.8A 2015-11-06 2016-10-20 Information processing apparatus and unauthorized message detection method Active CN108352991B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2015-218336 2015-11-06
JP2015218336A JP6534913B2 (en) 2015-11-06 2015-11-06 Information processing apparatus and fraudulent message detection method
PCT/JP2016/081082 WO2017077868A1 (en) 2015-11-06 2016-10-20 Information processing device and unauthorized message detection method

Publications (2)

Publication Number Publication Date
CN108352991A CN108352991A (en) 2018-07-31
CN108352991B true CN108352991B (en) 2021-04-06

Family

ID=58661899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680063971.8A Active CN108352991B (en) 2015-11-06 2016-10-20 Information processing apparatus and unauthorized message detection method

Country Status (4)

Country Link
US (1) US10726161B2 (en)
JP (1) JP6534913B2 (en)
CN (1) CN108352991B (en)
WO (1) WO2017077868A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7016783B2 (en) * 2018-10-17 2022-02-07 日立Astemo株式会社 Information processing equipment, management equipment
WO2020105657A1 (en) * 2018-11-22 2020-05-28 株式会社オートネットワーク技術研究所 Onboard relay device and relay method
JP7175858B2 (en) * 2019-08-07 2022-11-21 株式会社日立製作所 Information processing device and legitimate communication determination method
KR20210054939A (en) * 2019-11-06 2021-05-14 현대자동차주식회사 Apparatus for controlling a vehicle, system having the same and method thereof

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998003026A1 (en) 1996-07-11 1998-01-22 Gemplus S.C.A. Enhanced short message and method for synchronising and ensuring security of enhanced short messages exchanged in a cellular radio communication system
JPH10190651A (en) * 1996-12-24 1998-07-21 Omron Corp Remote control system
JP2000156685A (en) * 1998-11-18 2000-06-06 Fuji Heavy Ind Ltd Monitoring device for abnormality of vehicle control system
JP3672546B2 (en) * 2002-09-11 2005-07-20 株式会社半導体理工学研究センター Method and apparatus for determining optimum initial value in test pattern generator
DE10307403B4 (en) * 2003-02-20 2008-01-24 Siemens Ag Method for forming and distributing cryptographic keys in a mobile radio system and mobile radio system
US7725709B2 (en) * 2005-09-09 2010-05-25 Telefonaktiebolaget L M Ericsson (Publ) Methods for secure and bandwidth efficient cryptographic synchronization
JP2009164695A (en) 2007-12-28 2009-07-23 Fujitsu Ltd Wireless communication system and wireless communication apparatus
KR20100004470A (en) * 2008-07-04 2010-01-13 삼성전자주식회사 Apparatus and method for generating permutation sequence in a broadband wireless communication system
US20100005133A1 (en) * 2008-07-04 2010-01-07 Samsung Electronics Co. Ltd. Apparatus and method for generating permutation sequence in a broadband wireless communication system
US9106629B2 (en) * 2009-08-18 2015-08-11 Microsoft Technology Licensing, Llc Distributed algorithm for changing a shared value
JP5694851B2 (en) * 2011-05-27 2015-04-01 株式会社東芝 Communications system
JP2013048374A (en) * 2011-08-29 2013-03-07 Toyota Motor Corp Protection communication method
JP5770602B2 (en) 2011-10-31 2015-08-26 トヨタ自動車株式会社 Message authentication method and communication system in communication system
EP2832070B1 (en) * 2012-03-29 2020-05-20 Arilou Information Security Technologies Ltd. Device for protecting a vehicle electronic system
US8983069B2 (en) * 2013-03-14 2015-03-17 Robert Bosch Gmbh System and method for counter mode encrypted communication with reduced bandwidth
US9830298B2 (en) * 2013-05-15 2017-11-28 Qualcomm Incorporated Media time based USB frame counter synchronization for Wi-Fi serial bus
WO2015013440A1 (en) * 2013-07-23 2015-01-29 Battelle Memorial Institute Systems and methods for securing real-time messages
US9231936B1 (en) * 2014-02-12 2016-01-05 Symantec Corporation Control area network authentication
US9705678B1 (en) * 2014-04-17 2017-07-11 Symantec Corporation Fast CAN message authentication for vehicular systems
JP2016021700A (en) * 2014-07-15 2016-02-04 株式会社日立製作所 Information processing system, information processor, and control method for information processing system

Also Published As

Publication number Publication date
US10726161B2 (en) 2020-07-28
JP2017092634A (en) 2017-05-25
WO2017077868A1 (en) 2017-05-11
JP6534913B2 (en) 2019-06-26
US20180314857A1 (en) 2018-11-01
CN108352991A (en) 2018-07-31

Similar Documents

Publication Publication Date Title
EP3386163B1 (en) Apparatuses and methods for use in a can system
CN109600350B (en) System and method for secure communication between controllers in a vehicle network
CN104717201B (en) Network device and network system
EP3038318B1 (en) Communication control apparatus, communication control method and communication control program
EP2775660B1 (en) Message authentication method in communication system and communication system
KR101508497B1 (en) Data certification and acquisition method for vehicle
CN108352991B (en) Information processing apparatus and unauthorized message detection method
US11245535B2 (en) Hash-chain based sender identification scheme
EP2544400A2 (en) PUF based Cryptographic communication system and cryptographic communication method
US10425231B2 (en) Information processing apparatus and method for authenticating message
KR101549034B1 (en) Method for guarantying the confidentiality and integrity of a data in Controller Area Networks
KR20160104565A (en) Communication system and communication device
EP3451577B1 (en) Computing device, authentication system, and authentication method
EP2453606A1 (en) Secured Acknowledge Protocol for Automotive Remote Keyless Entry Systems and for Networked Sensor Devices
CN111865922B (en) Communication method, device, equipment and storage medium
US10200348B2 (en) Method to detect an OTA (over the air) standard message affected by an error
CN107466466B (en) Secure communication method, controlled device and equipment, remote control device and equipment
CN112930662B (en) Information processing apparatus and management apparatus
KR20190097216A (en) Computer-readable storage medium containing a method, apparatus and instructions for signing measurements of a sensor
CN113992331A (en) Vehicle-mounted Ethernet data transmission method, device and system
CN112995096A (en) Data encryption and decryption method, device and equipment
KR20200043018A (en) Communication method inside automotive
JP2021141567A (en) Information processing device, program update method, and data transmission method
JP2009272973A (en) Transmission terminal, reception terminal, and communication system
JP2018117388A (en) Authentication system, method and program, mobile device and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Hitachinaka County, Japan

Patentee after: Hitachi astemo Co.,Ltd.

Address before: Hitachinaka County, Japan

Patentee before: HITACHI AUTOMOTIVE SYSTEMS, Ltd.

CP01 Change in the name or title of a patent holder